General
- Target: CleanUp.dll
- Size: 3.9MB
- Sample: 240227-3z53gaef7x
- MD5: e2715eea093952fe0f86212acc67c54a
- SHA1: f859f8db122bfb7ac742639d4cf44167f70e44ce
- SHA256: 26f213e18d20aba53ef25ef1064434474c1bf563a1671217698177177603950f
- SHA512: 34a5dfb4c726e208159983040c0ae91e859a215080624bac1e0f9357cfe3cc6d5f5203b774fe3e881622e80c890e8ef54880109ccd348245a535e30fe870cca2
- SSDEEP: 98304:q9BpQLAgp0PSjNTVq3WhaQTZBGK82IM0Nm:Eovp0WEgBR8M
Static task: static1
Behavioral task: behavioral1
- Sample: CleanUp.dll
- Resource: win11-20240221-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Registers COM server for autorun
- Suspicious use of NtSetInformationThreadHideFromDebugger